
Proof of Concept
user.txt
58f6acb93609ffb19e24203339da5d89
root.txt
6bd9821ab037703a4e05285b936290f6
My Rating and Review
10/10
This machine starts with a page that appears to give access to a dashboard. It tests your ability to research plugins and versions for CVEs and default credentials. After bruteforcing or using default credentials, we move on to a nice investigation into users and their credentials for pillaging. This leads to using SSH with the pillaged credentials to obtain the user flag, and then we are challenged to escalate privileges.

On the exploited host there is a .zip file containing two files vital to the escalation. We discover that one of the files belongs to an application called "KeePass", and we are able to retrieve a hash using keepass2john. However, bruteforcing this hash appeared to lead to rabbit holes, so this also tests our ability to adapt. Researching further turns up a public exploit named keepass-dump-masterkey. Using this exploit we receive a passphrase that still isn't obviously clear, which tests our ability to think even more, since the passphrase contains characters that are unrecognisable because they are Dutch. After a Google search we can find results for the possible passphrase and can open the protected .kdbx file.

Finally, this reveals root credentials, but there is one final twist. We find a PuTTY RSA key file that needs to be converted to OpenSSH format. After converting the RSA key file, we are able to SSH into the host using the root credentials and the OpenSSH key to retrieve the root flag.